July 30, 2008

This is another of those very interesting poll results that come up on java.net regularly. It's interesting because of the number of votes behind the "No, I live under a rock and have no clue what static analysis is good for" option.

I first heard about static analysis in 2005 and have used different plug-ins in my IDE ever since. So I strongly doubt that 20% of the people who voted really don't know what static analysis is. It has been covered so many times during the last couple of months through various channels that you just couldn't have missed it!

So if you've never heard of FindBugs, Checkstyle or Fortify, then I strongly recommend you climb out of your cave and go check them out!

6 comments:

Anonymous said...

Actually, almost every developer uses static code analysis on a daily basis. Modern compilers and IDEs have lots of built-in checks ("unreachable code", "unused variable" etc.), you just don't think about them because they don't live in a separate tool.

For example, ten years ago, you had to reach for lint(1) for static analysis of C code, but a modern GCC comes with most of the checks lint provided back then. All you have to do is activate them and, most importantly, actually fix the warnings they produce.

I can tell you why I rarely use the more sophisticated static analysis tools like PMD and FindBugs. Each time I try out the plugins available for NetBeans, they are broken. Since this used to be the same case for JUnit integration etc., I am guessing that in a few years all IDEs incl. NetBeans will have this built right in.

@Casper - Forget the individual plugins. Grab Checkstyle, FindBugs, PMD, Lint4J and Dependency Finder as one bundle from the SQE project at https://sqe.dev.java.net/ It works great and addresses all the brokenness that was a symptom of the individual plugins on NetBeans.